Deploy monitoring agents
Use the Deploy Monitoring Agents tool to automatically activate GIM clients, install S-TAPs, and begin monitoring database traffic.
The deploy monitoring agents tool simplifies the process of establishing a Guardium deployment. Building on existing Guardium installation manager (GIM) infrastructure, the deploy monitoring agents tools helps you quickly find database servers, install monitoring agents (S-TAPs), and configure inspection engines for your databases. In addition, the tool provides a centralized view for tracking and reviewing deployment status.
Prerequisites
Review prerequisites and restrictions before you being deploying monitoring agents.
Before using the deploy monitoring agents tool to install S-TAPs and configure inspection engines on your database servers, verify the following prerequisites.
- The target S-TAP installation directory must be empty or not exist.
- You cannot install an S-TAP into a directory that already contains any files.
- Review S-TAP prerequisites
- Windows: Prerequisites: Installing S-TAP
- Install GIM clients in listener mode
- Install GIM clients in listener mode on one or more database servers in your environment. To
install the GIM client in listener mode on Windows systems, omit the
--host
parameter. To install the GIM client in listener mode on systems such as AIX and Linux, omit the--sqlguardip
parameter. For more information about GIM listener mode, see GIM server allocation.Important: You may need to open a port between the GIM client on the database server and the Guardium system where you will run the deploy monitoring agents tool. The default port 8445 is used unless you specify a different port when installing the GIM client. - Upload GIM S-TAP modules to the Guardium system
- Run the deploy monitoring agents tool as an administrative user
from any Guardium system that is not configured as an aggregator. Before you begin, use the
following procedure to upload GIM S-TAP modules to the Guardium system.
- Navigate to .
- Click Choose file and select the module you want to install.
- Click Upload to upload the module to the Guardium system. After uploading, the module will be listed in the Import uploaded modules table.
- In the Import uploaded modules table, click the check box next to the module you want to install. The module will be imported and made available for installation. After the module is imported, the Upload Modules page will reload and the module will no longer appear in the Import uploaded modules table.
For information about S-TAP offerings and supported platforms, see System requirements and supported platforms for IBM Security Guardium.
- Verify that all discoverable database servers are running
- Inspection engines can be automatically configured for some databases, including the following:
- DB2 for Linux, UNIX, and Windows
- Informix
- Microsoft SQL Server
- MySQL
- Oracle
- Postgre SQL
- Sybase
- Teradata
To allow the auto-configuration of inspection engines, verify that databases servers are running before deploying monitoring agents.
For more information about automatically discovering database instances, see Discover database instances; Windows: Discover database instances.
Deploying agents
Learn how to quickly deploy S-TAPs and configure inspection engines for monitoring database traffic.
Before you begin
- GIM clients are installed in listener mode.
- GIM S-TAP modules are imported to the Guardium system.
- Discoverable database servers are running.
Procedure
What to do next
If the S-TAP installation status of a database server is marked
Failed
, click the icon to learn more about the problem. If a database server disappears from the
Database server status after attempting to deploy monitoring agents, click
Error log (if a log is available) to learn more about the problem.
After successfully deploying monitoring agents, you are ready to monitor traffic on your database servers and begin meeting security compliance requirements. To configure compliance monitoring, navigate to Compliance monitoring for more information.
and see